Clubhouse is an application that literally exploded during confinement: the application offers access to voice rooms as a listener or participant and has made the buzz with its access exclusively by invitation.
Nevertheless, the security of the application was quickly criticized with several major hacks involving the leakage of a lot of user data.
Hackings which now find echoes on the Darknet with the sale of a lot made up of 3.8 million telephone numbers of Clubhouse users.
These numbers are probably not associated with other information, it would be impossible to associate them with names for example, or even nicknames or email addresses. However, the use of these phone numbers for phishing campaigns is possible.
The hackers shared a batch of 80 million numbers relating to Japan as proof.
But how can the batch contain 3.8 billion numbers if the application has only a few tens of millions of users? Well, because the numbers sought concern users as well as their contact book. The application thus requests access to the user’s directory when it is installed, the database therefore concerns each Clubhouse user as well as all of his contacts, even if they are not on the network. This also implies the presence of mobile and landline numbers in the proposed lot, and in particular the presence of professional numbers particularly popular with cybercriminals.